Hello,
Nigel Metheringham wrote:
> In 2.0.x kernels you can take all forwarded packets matching a particular
> mask (say something like source 192.168.2.0/24 to 0/0) and redirect them
> to a specified local port. A proxy listening on that port can then take
> the connection, check the end points (using getsockname()), and deal with
> the connection.
Thus, our local "interceptor" will determine the remote site of the
request via getsockname(), and transform:
GET /stuff.html HTTP/1.0
into this, aimed at the local port 3128:
GET http://198.17.46.59/stuff.html HTTP/1.0
Unless they've got:
GET /stuff.html HTTP/1.0
Host: squid.nlanr.net
which would make things easier, unless there are clients who "lie"
in the Host header.
Without a Host header, you don't know that 198.17.46.59 is actually
squid.nlanr.net, unless you do an in-addr.arpa lookup, which will slow
you down.
Finally, your transparent proxy won't catch requests to non-80 ports,
unless you've got something listening to each and every port (!)
All the best,
--
miguel a.l. paraz <map@iphil.net> | iphil communications, makati city, ph
pgp key id: 0x43F0D011 | <http://www.iphil.net>

Received on Fri Jan 03 1997 - 22:52:27 MST
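The rewrite described in the message above, as an added example that is not part of the original post or of Squid: it takes the (ip, port) pair that getsockname() reported on the redirected connection plus the request head, and produces the absolute-URI form for the proxy on port 3128, using the Host header when one is present and falling back to the IP otherwise. The function names and the trust_host_header switch are assumptions made for this example; the socket accept loop is left out so it runs offline.

```python
import socket


def original_destination(conn: socket.socket) -> tuple[str, int]:
    """Return the address the client was really trying to reach.

    On the 2.0.x redirect setup the message describes, getsockname() on the
    accepted socket yields the original destination. (Caveat, not from the
    post: on a modern netfilter REDIRECT you would read SO_ORIGINAL_DST
    instead, because getsockname() then returns the local proxy address.)
    """
    ip, port = conn.getsockname()[:2]
    return ip, port


def rewrite_intercepted_request(request_head: bytes,
                                original_dst: tuple[str, int],
                                trust_host_header: bool = True) -> bytes:
    """Turn 'GET /stuff.html HTTP/1.0' into 'GET http://<site>/stuff.html HTTP/1.0'.

    original_dst is what original_destination() returned. With
    trust_host_header=False the Host header is ignored and the IP is used,
    which sidesteps clients that lie in Host but loses the server name
    (no in-addr.arpa lookup is done here, as the post advises against it).
    """
    head, sep, body = request_head.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) != 3:
        return request_head          # HTTP/0.9 or malformed: leave it alone
    method, target, version = parts
    if target.startswith(b"http://") or target.startswith(b"https://"):
        return request_head          # already absolute-URI form
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    ip, port = original_dst
    if host is None or not trust_host_header:
        # Constructed fallback: literal IP, with port only when non-default.
        authority = ip.encode() if port == 80 else f"{ip}:{port}".encode()
    else:
        authority = host
    new_request_line = b" ".join([method, b"http://" + authority + target, version])
    return b"\r\n".join([new_request_line] + lines[1:]) + sep + body
```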